
In case anyone is not aware:

https://news.ycombinator.com/item?id=39444500 Keep your phone number private with Signal usernames (2024-02-20, 1422 points, 890 comments)



This is different though. PP is saying that you require a phone number to sign up, and phone numbers are being used to match your account to your user name.


"As a new default, your phone number will no longer be visible to everyone in Signal."

https://support.signal.org/hc/en-us/articles/6712070553754-P...

"Signal does not send your phone number to anyone unless you have enabled that others can see it and then you send them a message or make a call to them."

https://support.signal.org/hc/en-us/articles/360007061452-Do...


Neither of these is the issue; the issue is the required association of a phone number with a Signal account. You cannot register a Signal account without a phone number.

It's something you'd want to avoid if your life, liberty or well-being are at risk if you're de-anonymized.


Realistically could use an e-sim or text verification service to sign up.


Signal, like most services, blocks text verification services, free texting apps, etc.

e-SIM wise, depending on where you are, that might require identifying yourself, and depending on your threat model, having to purchase one in person or with payment info that can be traced back to you might be too risky. Same thing when it comes to using one in a device you own, or in a location that can help de-anonymize you.

In the end, Signal does this because they know the ban hammer would come down hard on them from the Justice Department and every state AG and legislature if Signal allowed bad actors to anonymously use their app and network to commit crimes.

The issue is that there are plenty of people who are not doing heinous things whose security and anonymity might be at risk because of the measure put in place to placate governments.


Google Voice worked for me a few years ago


This doesn't address the security problem


  > the security problem
You're confusing privacy with security. Phone numbers are a privacy problem and NOT a security problem.

Think of it this way. There's a vault that's locked with secrets inside, but the door is transparent. This does not prevent privacy. But the vault provides security.

Signal is not a transparent door, but is opaque. You can't see inside the vault. But the phone number reveals that you have access to the vault. This is very different than a security problem. Anyone connecting the two can see that you have a vault (security)[0], but they cannot see inside (privacy) or even when you access it (privacy).

There is no security issue with phone numbers.

[0] or can see that at some point in time you had a vault or someone that previously had that number had a vault


Is there not a security problem if your phone number is seized? I don't need excuses about the likelihood of the threat model.


If your number is seized then the new account holder has no chat history. i.e. the vault is cleared out. In that situation you will also be kicked out, clearly telling you that your account has been hijacked.

You can also lock registration of your device.

What is your security concern here?


> You can also lock registration of your device

Registration lock expires in seven days or less. [1]

[1]: https://support.signal.org/hc/en-us/articles/360007059792-Si...


Please actually read

  > Registration Lock expires after 7 days *of inactivity*
I don't know why you dropped "of inactivity" and changed it to "or less".

If you use Signal once a week you're fine. Maybe it should be longer, but that's a different argument and there's no reason to be disingenuous about it.


It does not matter if you lose control of the number, the new person will be able to register. The 7 days period is for you to get control of the number back or make sure all your contacts know about the issue.


Am I reading it wrong? But on my phone, if I activate reglock again, it says that if the PIN fails the account is blocked for seven days. I assume that after 7 days one still needs the PIN to register, or am I wrong?


You'll get the opportunity to change the pin.

There's a balance they want to strike. You can't assume phone numbers are unique to a person across time. So they need to be able to expire when someone stops using a number.

But again, acting on the other side also gets a notification in the chat stating that the security number has changed. The new person doesn't have the Signal chat history. So if you're talking about sensitive things then it's a strong indication you should reverify their identity. Not practical for everyday users, but that's also not a typical threat scenario.


Seems like you missed reading the entire context above. The discussion was about a number being seized or taken over by someone else. So your reply on inactivity is irrelevant since the new owner of the number can just wait a mere week and use it with Signal.


Impersonation, MITM attack


If you have done the out-of-band safety number verification, then impersonation attempts will give you a warning that their safety number has changed. I know this because I got that error when my wife replaced her cell phone.

I believe (though I haven't verified it myself) that even if you haven't verified the numbers using an out-of-band exchange mechanism, you will get a warning if the safety number as observed by their server changes. I believe they would need to know your Signal PIN to restore from backup, which means that even if you've set that it will give an alert, presuming basic security competence from the people you are conversing with.


> If you have done the out-of-band safety number verification

I personally have never seen anyone do this, even when they’re supposed to do it right from the very beginning. So practically this is of very little value to most of the user base.


You get notifications if the safety number gets changed from a device change either way. But doing the in person validation helps ensure that particular safety number you received was actually their safety number and not a MitM on first contact.


  > Impersonation
Yes, but with a canary. Would you rather not have a canary? The other person also receives a warning that the verification number has changed. It's not like the existence of a phone number is what creates the ability to hijack an account. And again, you can do registration locking so that solves that problem.

You can also do verification of your contacts. Best done in person where you can check the keys.

  > MITM attack
I don't think that means what you think it means. Who is in the middle? This is E2EE


For this reason there is the Signal PIN. They need PIN and phone number to hijack the account, AFAIK.


A lack of privacy is a security problem for messaging. A lack of privacy predisposes some people to rubber hose cryptanalysis by the authorities.


The privacy loss is "phone number has registered a signal account"

It does not

  - conclude the user has or even has a signal account
  - who that person is talking to 
  - what that person is talking about
  - when those texts or messages are sent or received
What can you infer here that becomes a security risk? I guess if signal is outlawed before you have installed or your number was ever associated with an account? But it still have plausible deniability there


This entire post does not follow


Agreed as far as governments tracking Signal sign-ups. For a long time though user names were not even supported between Signal users.



